Hi Bastien,

It's the task of the backend to manage authorization, including
users and permissions.

If the view and permission system allows all users to see everything
and you don't want it that way, then you have to check permissions in your
views.
See https://docs.djangoproject.com/en/1.3/topics/auth/

This has nothing to do with having the id in the URL or not, because
hiding the id won't help you get a more secure system if your auth
backend is crappy. Security by obscurity doesn't work.

HTH && Greets

Basti


On Fri, 23 Mar 2012 04:06:45 -0700 (PDT),
Bastien <bastien.roche...@gmail.com> wrote:

> I am concerned about seeing the IDs of objects appearing in the URL
> and in a totally predictable manner. It is very convenient and clean
> to do all sorts of things but can be abused very easily to retrieve
> all the content of the site, i.e. photos...
> Is it a good idea to try to change this behavior? Maybe with some
> sort of middleware? Is there any project doing it already? For
> instance the urls in Instagram seem to be encoded at least.
> 



-- 
 Bastian Ballmann / Web Developer
Notch Interactive GmbH / Badenerstrasse 571 / 8048 Zürich
Phone +41 43 818 20 91 / www.notch-interactive.com
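
The point made in the reply above, as an added example that is not part of the original message: a framework-free Python model of a view that checks permission per object, next to one that does not. `Photo`, `PHOTOS`, the `owner` and `public` fields and both view functions are hypothetical names, and the data is constructed.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Stands in for an HTTP 403/404 response."""


@dataclass(frozen=True)
class Photo:
    pk: int
    owner: str
    public: bool
    title: str


# Constructed sample data with predictable, sequential ids.
PHOTOS = {
    1: Photo(1, "alice", True, "alice-public"),
    2: Photo(2, "alice", False, "alice-private"),
    3: Photo(3, "bob", False, "bob-private"),
}


def view_without_check(user, pk):
    # The situation the question worries about: any valid id returns the object.
    return PHOTOS[pk]


def view_with_check(user, pk):
    # Authorization is decided per object, on the server, for every request.
    # In a Django view the same rule can go into the query itself, e.g.
    # get_object_or_404(Photo, pk=pk, owner=request.user)  (owner is assumed).
    photo = PHOTOS.get(pk)
    if photo is None or not (photo.public or photo.owner == user):
        # Same answer for "missing" and "not yours", so ids reveal nothing.
        raise Forbidden(pk)
    return photo


def visible_ids(view, user):
    """Return the ids a user can read through a view across the id range."""
    seen = []
    for pk in range(1, 6):
        try:
            view(user, pk)
            seen.append(pk)
        except (Forbidden, KeyError):
            pass
    return seen
```

With the check in place the ids can stay sequential: `visible_ids(view_with_check, "bob")` returns only the public photo and bob's own.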
